From the Experts - VDA Labs

Citrix ADC (Netscaler ADC) Multi-Factor Bypass

Oct 26, 2020 | Misconfiguration, Pentesting, Security, Vulnerabilities

While working with a client, VDA engineers encountered an interesting circumstance that allowed for the bypassing of Multi-factor Authentication for users that had already set this up on their accounts. This particular misconfiguration/vulnerability was possible due...

Creating Mayhem: Crashing MP3gain for Fun and CVEs

Sep 3, 2020 | Fuzzing

Creating Mayhem: Crashing for Fun and Profit The team at VDA Labs has been involved with hunting for vulnerabilities in software using a variety of methods for over 20 years. We use manual review, automated dynamic, and static analysis. One of our favorite ways to dig...

All of Your Data are Belong To Us: The Art of Imaging and Analysis

Jul 27, 2020 | Auditing, Forensics, Incident Response, Malware Analysis

All of Your Data are Belong To Us: The Art of Imaging and Analysis VDA labs is brought into many different types of situation where a client may want imaging and analysis. From diagnosing patient zero during a malware outbreaks to employee espionage taking system...

Why Business Email Compromise will Ruin your Business

Jun 12, 2020 | Cybersecurity Awareness Training

Business Email Compromise (BEC) and other forms of social engineering attacks, which often lead to events like ransomware and data theft, are the number one threats companies face today. We know because we conduct incident response. Organizations need all staff to...

BurpSuite Extensions: Some Favorites

May 8, 2020 | AppSec, Pentesting, Security, Tool Development

Part of our internal mentoring and training culture at VDA includes Lunch and Learn events where engineers share helpful information about a relevant security topic. This past week, several of us discussed our favorite BurpSuite extensions, which are helpful additions...

No More Secrets: Logging Made Easy Through Graylog Part 7

Mar 25, 2020 | Graylog, Logging

No More Secrets: Logging Made Easy Through Graylog Part 7 Logging is a important but often overlooked part of an organization’s security posture. Logging without organization, searchability, or reporting leads to data being missed. This a continuation of a longer...

No More Secrets: Logging Made Easy Through Graylog Part 6

Mar 13, 2020 | Graylog, IIS, Logging

No More Secrets: Logging Made Easy Through Graylog Part 6 Logging is a important but often overlooked part of an organization’s security posture. Logging without organization, searchability, or reporting leads to data being missed. This a continuation of a longer...

No More Secrets: Logging Made Easy Through Graylog Part 5

Mar 9, 2020 | Graylog, Logging, Security

No More Secrets: Logging Made Easy Through Graylog Part 5 Logging is a important but often overlooked part of an organization’s security posture. Logging without organization, searchability, or reporting leads to data being missed. This a continuation of a longer...

No More Secrets: Logging Made Easy Through Graylog Part 4

Mar 2, 2020 | Graylog, Logging, Security

No More Secrets: Logging Made Easy Through Graylog Part 4 Logging is a important but often overlooked part of an organization’s security posture. Logging without organization, searchability, or reporting leads to data being missed. This a continuation of a...

No More Secrets: Logging Made Easy Through Graylog Part 3

Feb 26, 2020 | Graylog, Logging, Security

No More Secrets: Logging Made Easy Through Graylog Part 3 Logging is a important but often overlooked part of an organization’s security posture. Logging without organization, searchability, or reporting leads to data being missed. This a continuation of a...

« Older Entries